author     Tails developers <amnesia@boum.org>  2015-02-19 17:19:21 +0100
committer  Tails developers <amnesia@boum.org>  2015-02-19 17:19:21 +0100
commit     21ee90f26e146ef197547e23e3fded7be1394644 (patch)
tree       bee81da95e5cde0ef43857b6dedcde2d49ea9b16
parent     d19ab85e0dc7bdd1dbfdde8eef79e3ce7444f54a (diff)
parent     9aabb91cbd84b41aa34b7b21fc9065c2b02157bd (diff)
Merge branch 'test/7821-tor' into test/6305-tor-bridges
Conflicts:
	features/pidgin.feature
	features/step_definitions/common_steps.rb
	features/step_definitions/tor.rb
	wiki/src/contribute/release_process/test.mdwn
-rw-r--r--  features/firewall_leaks.feature                                        37
-rw-r--r--  features/pidgin.feature                                                 1
-rw-r--r--  features/step_definitions/common_steps.rb                              12
-rw-r--r--  features/step_definitions/erase_memory.rb                               4
-rw-r--r--  features/step_definitions/firewall_leaks.rb                             4
-rw-r--r--  features/step_definitions/i2p.rb                                        4
-rw-r--r--  features/step_definitions/tor.rb                                       80
-rw-r--r--  features/step_definitions/torified_misc.rb                              4
-rw-r--r--  features/support/helpers/vm_helper.rb                                  50
-rw-r--r--  features/support/hooks.rb                                               4
-rw-r--r--  features/tor_enforcement.feature                                       72
-rw-r--r--  features/tor_stream_isolation.feature (renamed from features/tor.feature)  42
-rw-r--r--  features/torified_browsing.feature                                      5
-rw-r--r--  features/torified_git.feature                                           6
-rw-r--r--  features/torified_misc.feature                                          7
15 files changed, 182 insertions, 150 deletions
diff --git a/features/firewall_leaks.feature b/features/firewall_leaks.feature
deleted file mode 100644
index 775c6e1..0000000
--- a/features/firewall_leaks.feature
+++ /dev/null
@@ -1,37 +0,0 @@
-@product
-Feature:
- As a Tails developer
- I want to ensure that the automated test suite detects firewall leaks reliably
-
- Background:
- Given a computer
- And I capture all network traffic
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And Tor is ready
- And all notifications have disappeared
- And available upgrades have been checked
- And all Internet traffic has only flowed through Tor
- And I save the state so the background can be restored next scenario
-
- Scenario: Detecting IPv4 TCP leaks from the Unsafe Browser
- When I successfully start the Unsafe Browser
- And I open the address "https://check.torproject.org" in the Unsafe Browser
- And I see "UnsafeBrowserTorCheckFail.png" after at most 60 seconds
- Then the firewall leak detector has detected IPv4 TCP leaks
-
- Scenario: Detecting IPv4 TCP leaks of TCP DNS lookups
- Given I disable Tails' firewall
- When I do a TCP DNS lookup of "torproject.org"
- Then the firewall leak detector has detected IPv4 TCP leaks
-
- Scenario: Detecting IPv4 non-TCP leaks (UDP) of UDP DNS lookups
- Given I disable Tails' firewall
- When I do a UDP DNS lookup of "torproject.org"
- Then the firewall leak detector has detected IPv4 non-TCP leaks
-
- Scenario: Detecting IPv4 non-TCP (ICMP) leaks of ping
- Given I disable Tails' firewall
- When I send some ICMP pings
- Then the firewall leak detector has detected IPv4 non-TCP leaks
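Review bot: the four scenarios deleted here reappear with the same steps under the "Anti test" names in features/tor_enforcement.feature, with "I capture all network traffic" moved out of the Background into each scenario, so no coverage is lost by the deletion itself. Since the merge reports a conflict in wiki/src/contribute/release_process/test.mdwn, check that any documentation still naming firewall_leaks.feature is pointed at the new file.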
diff --git a/features/pidgin.feature b/features/pidgin.feature
index 38f033e..83330ce 100644
--- a/features/pidgin.feature
+++ b/features/pidgin.feature
@@ -26,7 +26,6 @@ Feature: Chatting anonymously using Pidgin
Then I see the Tails roadmap URL
When I click on the Tails roadmap URL
Then the Tor Browser has started and loaded the Tails roadmap
- And all Internet traffic has only flowed through Tor
Scenario: Adding a certificate to Pidgin
And I start Pidgin through the GNOME menu
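Review bot: this removes the explicit "all Internet traffic has only flowed through Tor" check from the roadmap-URL scenario, but unlike the other feature files in this merge no @check_tor_leaks tag is visible in the hunk. Confirm the scenario, or the whole Pidgin feature, carries the tag elsewhere in the file; otherwise this scenario loses its leak check instead of migrating it to the hook.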
diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb
index 5ffbbd9..12cbc9c 100644
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -56,7 +56,7 @@ def restore_background
@vm.host_to_guest_time_sync
@vm.execute("service tor start")
wait_until_tor_is_working
- @vm.spawn("/usr/local/sbin/restart-vidalia")
+ @vm.spawn("restart-vidalia")
end
else
@vm.host_to_guest_time_sync
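Review bot: dropping the absolute path means restart-vidalia is now resolved through whatever PATH the guest command channel gives @vm.spawn, and /usr/local/sbin is typically only on root's PATH. Confirm the helper runs these commands as root with a PATH that includes /usr/local/sbin, because a lookup failure in a spawned command is not reported back to the step. The same consideration applies to every other path-stripping hunk in this merge (tails-get-bootinfo, fillram, do_not_ever_run_me, tails-security-check, tails-upgrade-frontend-wrapper).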
@@ -64,7 +64,7 @@ def restore_background
end
Given /^a computer$/ do
- @vm.destroy if @vm
+ @vm.destroy_and_undefine if @vm
@vm = VM.new($virt, VM_XML_PATH, $vmnet, $vmstorage, DISPLAY)
end
@@ -110,12 +110,14 @@ Then /^drive "([^"]+)" is detected by Tails$/ do |name|
end
Given /^the network is plugged$/ do
- next if @skip_steps_while_restoring_background
+ # We don't skip this step when restoring the background to ensure
+ # that the network state is actually the same after restoring as
+ # when the snapshot was made.
@vm.plug_network
end
Given /^the network is unplugged$/ do
- next if @skip_steps_while_restoring_background
+ # See comment in the step "the network is plugged".
@vm.unplug_network
end
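Review bot: now that "the network is plugged" and "the network is unplugged" also run while a background snapshot is being restored, plug_network is invoked on a domain whose network interface may already be attached (and unplug_network on one already detached). Make sure both are idempotent, or the restore path will fail on the second attach/detach. The comment explaining why the skip was removed is welcome; stating the concrete symptom it fixes (network state diverging from the snapshot) would make it easier to judge later whether the skip can come back.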
@@ -207,7 +209,7 @@ end
When /^I destroy the computer$/ do
next if @skip_steps_while_restoring_background
- @vm.destroy
+ @vm.destroy_and_undefine
end
Given /^the computer (re)?boots Tails$/ do |reboot|
diff --git a/features/step_definitions/erase_memory.rb b/features/step_definitions/erase_memory.rb
index 97970c7..b4bb56b 100644
--- a/features/step_definitions/erase_memory.rb
+++ b/features/step_definitions/erase_memory.rb
@@ -17,7 +17,7 @@ Given /^the computer is an old pentium without the PAE extension$/ do
end
def which_kernel
- kernel_path = @vm.execute("/usr/local/bin/tails-get-bootinfo kernel").stdout.chomp
+ kernel_path = @vm.execute("tails-get-bootinfo kernel").stdout.chomp
return File.basename(kernel_path)
end
@@ -105,7 +105,7 @@ Given /^I fill the guest's memory with a known pattern(| without verifying)$/ do
# since the others otherwise may continue re-filling the same memory
# unnecessarily.
instances = (@detected_ram_m.to_f/(2**10)).ceil
- instances.times { @vm.spawn('/usr/local/sbin/fillram; killall fillram') }
+ instances.times { @vm.spawn('fillram; killall fillram') }
# We make sure that the filling has started...
try_for(10, { :msg => "fillram didn't start" }) {
@vm.has_process?("fillram")
diff --git a/features/step_definitions/firewall_leaks.rb b/features/step_definitions/firewall_leaks.rb
index 1a542b8..8a27ff3 100644
--- a/features/step_definitions/firewall_leaks.rb
+++ b/features/step_definitions/firewall_leaks.rb
@@ -1,6 +1,6 @@
Then(/^the firewall leak detector has detected (.*?) leaks$/) do |type|
next if @skip_steps_while_restoring_background
- leaks = FirewallLeakCheck.new(@custom_sniffer.pcap_file, get_tor_relays)
+ leaks = FirewallLeakCheck.new(@sniffer.pcap_file, get_tor_relays)
case type.downcase
when 'ipv4 tcp'
if leaks.ipv4_tcp_leaks.empty?
@@ -29,7 +29,7 @@ end
Given(/^I disable Tails' firewall$/) do
next if @skip_steps_while_restoring_background
- @vm.execute("/usr/local/sbin/do_not_ever_run_me")
+ @vm.execute("do_not_ever_run_me")
iptables = @vm.execute("iptables -L -n -v").stdout.chomp.split("\n")
for line in iptables do
if !line[/Chain (INPUT|OUTPUT|FORWARD) \(policy ACCEPT/] and
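Review bot: do_not_ever_run_me is run with execute, whose exit status is ignored; now that it is found via PATH rather than an absolute path, a lookup failure would only surface later as the iptables policy assertion below failing with a misleading message. Use execute_successfully here so a missing or failing script is reported at its source.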
diff --git a/features/step_definitions/i2p.rb b/features/step_definitions/i2p.rb
index 75f7041..4a20afa 100644
--- a/features/step_definitions/i2p.rb
+++ b/features/step_definitions/i2p.rb
@@ -50,10 +50,10 @@ Then /^the I2P firewall rules are (enabled|disabled)$/ do |mode|
accept_rules_count = accept_rules.lines.count
if mode == 'enabled'
assert_equal(13, accept_rules_count)
- step 'the IPv4 firewall configuration only allows the clearnet, i2psvc and debian-tor users to connect directly to the Internet'
+ step 'the firewall is configured to only allow the clearnet, i2psvc and debian-tor users to connect directly to the Internet over IPv4'
elsif mode == 'disabled'
assert_equal(0, accept_rules_count)
- step 'the IPv4 firewall configuration only allows the clearnet and debian-tor users to connect directly to the Internet'
+ step 'the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4'
else
raise "Unsupported mode passed: '#{mode}'"
end
diff --git a/features/step_definitions/tor.rb b/features/step_definitions/tor.rb
index 1051926..6358a75 100644
--- a/features/step_definitions/tor.rb
+++ b/features/step_definitions/tor.rb
@@ -114,6 +114,7 @@ end
Then /^the firewall's NAT rules only redirect traffic for Tor's TransPort and DNSPort$/ do
next if @skip_steps_while_restoring_background
+ tor_onion_addr_space = "127.192.0.0/10"
iptables_nat_output = @vm.execute_successfully("iptables -t nat -L -n -v").stdout
chains = iptables_parse(iptables_nat_output)
chains.each_pair do |name, chain|
@@ -122,7 +123,10 @@ Then /^the firewall's NAT rules only redirect traffic for Tor's TransPort and DN
good_rules = rules.find_all do |rule|
rule["target"] == "REDIRECT" &&
(
- rule["extra"] == "redir ports 9040" ||
+ (
+ rule["destination"] == tor_onion_addr_space &&
+ rule["extra"] == "redir ports 9040"
+ ) ||
rule["extra"] == "udp dpt:53 redir ports 5353"
)
end
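Review bot: restricting the accepted port 9040 REDIRECT to destination 127.192.0.0/10 is the right tightening: the test now fails if transparent proxying is ever widened beyond the range Tor maps onion addresses into, which would let a misconfigured application bypass SOCKS-based stream isolation without anyone noticing. Two follow-ups: the 9040 match does not pin the protocol, while the DNS match does via "udp dpt:53", so also assert the parsed prot column is tcp for that rule; and the 127.192.0.0/10 literal duplicates the range configured in torrc, so a comment naming the torrc option it mirrors would help whoever changes either side.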
@@ -153,22 +157,63 @@ Then /^the firewall is configured to block all IPv6 traffic$/ do
!["DROP", "REJECT", "LOG"].include?(rule["target"])
end
assert(bad_rules.empty?,
- "The NAT table's OUTPUT chain contains some unexptected rules:\n" +
+ "The IPv6 table's #{name} chain contains some unexptected rules:\n" +
(bad_rules.map { |r| r["rule"] }).join("\n"))
end
end
-Then /^untorified network connections to (\S+) fail$/ do |host|
+def firewall_has_dropped_packet_to?(proto, host, port)
+ regex = "Dropped outbound packet: .* DST=#{host} .* PROTO=#{proto} "
+ regex += ".* DPT=#{port} " if port
+ @vm.execute("grep -q '#{regex}' /var/log/syslog").success?
+end
+
+When /^I open an untorified (TCP|UDP|ICMP) connections to (\S*)(?: on port (\d+))? that is expected to fail$/ do |proto, host, port|
next if @skip_steps_while_restoring_background
- expected_stderr = "curl: (7) couldn't connect to host"
- cmd = "unset SOCKS_SERVER ; unset SOCKS5_SERVER ; " \
- "curl --noproxy '*' 'http://#{host}'"
- status = @vm.execute(cmd, LIVE_USER)
- assert(!status.success? && status.stderr[expected_stderr],
- "The command `#{cmd}` didn't fail as expected:\n#{status.to_s}")
+ assert(!firewall_has_dropped_packet_to?(proto, host, port),
+ "A #{proto} packet to #{host}" +
+ (port.nil? ? "" : ":#{port}") +
+ " has already been dropped by the firewall")
+ @conn_proto = proto
+ @conn_host = host
+ @conn_port = port
+ case proto
+ when "TCP"
+ assert_not_nil(port)
+ cmd = "echo | netcat #{host} #{port}"
+ when "UDP"
+ assert_not_nil(port)
+ cmd = "echo | netcat -u #{host} #{port}"
+ when "ICMP"
+ cmd = "ping -c 5 #{host}"
+ end
+ @conn_res = @vm.execute(cmd, LIVE_USER)
+end
+
+Then /^the untorified connection fails$/ do
+ next if @skip_steps_while_restoring_background
+ case @conn_proto
+ when "TCP"
+ expected_in_stderr = "Connection refused"
+ conn_failed = !@conn_res.success? &&
+ @conn_res.stderr.chomp.end_with?(expected_in_stderr)
+ when "UDP", "ICMP"
+ conn_failed = !@conn_res.success?
+ end
+ assert(conn_failed,
+ "The untorified #{@conn_proto} connection didn't fail as expected:\n" +
+ @conn_res.to_s)
end
-When /^the system DNS is( still)? using the local DNS resolver$/ do |_|
+Then /^the untorified connection is logged as dropped by the firewall$/ do
+ next if @skip_steps_while_restoring_background
+ assert(firewall_has_dropped_packet_to?(@conn_proto, @conn_host, @conn_port),
+ "No #{@conn_proto} packet to #{@conn_host}" +
+ (@conn_port.nil? ? "" : ":#{@conn_port}") +
+ " was dropped by the firewall")
+end
+
+When /^the system DNS is(?: still)? using the local DNS resolver$/ do
next if @skip_steps_while_restoring_background
resolvconf = @vm.file_content("/etc/resolv.conf")
bad_lines = resolvconf.split("\n").find_all do |line|
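Review bot: in "the untorified connection is logged as dropped by the firewall", grepping /var/log/syslog immediately after the client command returns races against the kernel log reaching syslog; wrap firewall_has_dropped_packet_to? in try_for with a short timeout, as the fillram wait in erase_memory.rb already does, rather than a single grep -q. Smaller points in the same hunk: the host is interpolated into the grep regex unescaped, so the dots in 1.2.3.4 match any character (Regexp.escape it); the UDP branch of "the untorified connection fails" asserts a non-zero netcat exit status, which only holds if the client receives an ICMP error, so verify that holds for the firewall's actual drop behaviour since the syslog check is the robust signal; the step text "an untorified (TCP|UDP|ICMP) connections" should read "connection"; and the corrected IPv6 message still says "unexptected", which can be fixed to "unexpected" while the line is being touched.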
@@ -187,7 +232,7 @@ def stream_isolation_info(application)
:socksport => 9062
}
when "tails-security-check", "tails-upgrade-frontend-wrapper"
- # We only grep connections with ESTABLISHED statate since `perl`
+ # We only grep connections with ESTABLISHED state since `perl`
# is also used by monkeysphere's validation agent, which LISTENs
{
:grep_monitor_expr => '\<ESTABLISHED\>.\+/perl\>',
@@ -246,25 +291,20 @@ end
And /^I re-run tails-security-check$/ do
next if @skip_steps_while_restoring_background
- @vm.execute_successfully("/usr/local/bin/tails-security-check", LIVE_USER)
+ @vm.execute_successfully("tails-security-check", LIVE_USER)
end
And /^I re-run htpdate$/ do
next if @skip_steps_while_restoring_background
- @vm.execute_successfully("service htpdate stop ; " \
- "rm -f /var/run/htpdate/* ; " \
+ @vm.execute_successfully("service htpdate stop && " \
+ "rm -f /var/run/htpdate/* && " \
"service htpdate start")
step "the time has synced"
end
And /^I re-run tails-upgrade-frontend-wrapper$/ do
next if @skip_steps_while_restoring_background
- @vm.execute_successfully("/usr/local/bin/tails-upgrade-frontend-wrapper", LIVE_USER)
-end
-
-And /^I do a whois-lookup of domain (.+)$/ do |domain|
- next if @skip_steps_while_restoring_background
- @vm.execute_successfully("/usr/local/bin/whois '#{domain}'", LIVE_USER)
+ @vm.execute_successfully("tails-upgrade-frontend-wrapper", LIVE_USER)
end
When /^I connect Gobby to "([^"]+)"$/ do |host|
diff --git a/features/step_definitions/torified_misc.rb b/features/step_definitions/torified_misc.rb
index d24b2c9..610234f 100644
--- a/features/step_definitions/torified_misc.rb
+++ b/features/step_definitions/torified_misc.rb
@@ -1,7 +1,7 @@
When /^I query the whois directory service for "([^"]+)"$/ do |domain|
next if @skip_steps_while_restoring_background
@vm_execute_res = @vm.execute(
- "/usr/local/bin/whois '#{domain}'",
+ "whois '#{domain}'",
LIVE_USER)
end
@@ -10,7 +10,7 @@ When /^I wget "([^"]+)" to stdout(?:| with the '([^']+)' options)$/ do |url, opt
arguments = "-O - '#{url}'"
arguments = "#{options} #{arguments}" if options
@vm_execute_res = @vm.execute(
- "/usr/local/bin/wget #{arguments}",
+ "wget #{arguments}",
LIVE_USER)
end
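Review bot: the absolute paths pinned these steps to the /usr/local/bin whois and wget, which are the Tails wrappers; with bare names, which binary runs depends on PATH ordering in the execution environment of LIVE_USER. If the intent is to test exactly what a user typing whois or wget gets, that is a better test, but it should be stated in a comment, and a quick assertion that the resolved command lives under /usr/local/bin would catch a PATH regression that silently switches the test to the unwrapped /usr/bin binary.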
diff --git a/features/support/helpers/vm_helper.rb b/features/support/helpers/vm_helper.rb
index 174e15e..117b65b 100644
--- a/features/support/helpers/vm_helper.rb
+++ b/features/support/helpers/vm_helper.rb
@@ -3,22 +3,24 @@ require 'rexml/document'
class VMNet
- attr_reader :net_name, :net, :ip, :mac, :bridge_name
+ attr_reader :net_name, :net
def initialize(virt, xml_path)
@virt = virt
net_xml = File.read("#{xml_path}/default_net.xml")
update(net_xml)
rescue Exception => e
- clean_up
+ destroy_and_undefine
raise e
end
- def clean_up
+ # We lookup by name so we also catch networks from previous test
+ # suite runs that weren't properly cleaned up (e.g. aborted).
+ def destroy_and_undefine
begin
- net = @virt.lookup_network_by_name(@net_name)
- net.destroy if net.active?
- net.undefine
+ old_net = @virt.lookup_network_by_name(@net_name)
+ old_net.destroy if old_net.active?
+ old_net.undefine
rescue
end
end
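Review bot: the bare rescue in VMNet#destroy_and_undefine swallows every StandardError, not only the "no such network" lookup failure the new comment describes; a libvirt permission error or a failed undefine would be ignored here and reappear as a confusing failure in define_network_xml. Rescue only around lookup_network_by_name and let destroy/undefine errors propagate. The same pattern is repeated in VM#destroy_and_undefine further down.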
@@ -26,21 +28,17 @@ class VMNet
def update(xml)
net_xml = REXML::Document.new(xml)
@net_name = net_xml.elements['network/name'].text
- clean_up
+ destroy_and_undefine
@net = @virt.define_network_xml(xml)
@net.create
- @ip = net_xml.elements['network/ip/dhcp/host/'].attributes['ip']
- @mac = net_xml.elements['network/ip/dhcp/host/'].attributes['mac']
- @bridge_name = @net.bridge_name
end
- def destroy
- @net.destroy if net.active?
- @net.undefine
+ def bridge_name
+ @net.bridge_name
end
def bridge_mac
- File.open("/sys/class/net/#{@bridge_name}/address", "rb").read.chomp
+ File.open("/sys/class/net/#{bridge_name}/address", "rb").read.chomp
end
end
@@ -48,7 +46,7 @@ end
class VM
- attr_reader :domain, :display, :ip, :mac, :vmnet, :storage
+ attr_reader :domain, :display, :vmnet, :storage
def initialize(virt, xml_path, vmnet, storage, x_display)
@virt = virt
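Review bot: the ip and mac readers are removed from VM here and from VMNet in the earlier hunk, and nothing in this diff replaces them; grep the step definitions and helpers for callers of those attributes (the sniffer or anything that previously used the DHCP host entry from default_net.xml) before merging.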
@@ -61,22 +59,25 @@ class VM
set_cdrom_boot(TAILS_ISO)
plug_network
rescue Exception => e
- clean_up
+ destroy_and_undefine
raise e
end
def update(xml)
domain_xml = REXML::Document.new(xml)
@domain_name = domain_xml.elements['domain/name'].text
- clean_up
+ destroy_and_undefine
@domain = @virt.define_domain_xml(xml)
end
- def clean_up
+ # We lookup by name so we also catch domains from previous test
+ # suite runs that weren't properly cleaned up (e.g. aborted).
+ def destroy_and_undefine
begin
- domain = @virt.lookup_domain_by_name(@domain_name)
- domain.destroy if domain.active?
- domain.undefine
+ old_domain = @virt.lookup_domain_by_name(@domain_name)
+ old_domain.destroy if old_domain.active?
+ old_domain.undefine
+ @display.stop if @display && @display.active?
rescue
end
end
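Review bot: the new `@display.stop if @display && @display.active?` sits after the lookup/destroy/undefine calls inside the begin/rescue, so whenever lookup_domain_by_name raises (the normal case when there is no leftover domain) control jumps to the rescue and the display is never stopped. Move the display stop before the begin block or into an ensure clause. This matters because destroy_and_undefine now replaces destroy in the After hook, and the removed destroy used power_off, which stopped the display unconditionally.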
@@ -397,7 +398,7 @@ EOF
def restore_snapshot(path)
# Clean up current domain so its snapshot can be restored
- clean_up
+ destroy_and_undefine
Libvirt::Domain::restore(@virt, path)
@domain = @virt.lookup_domain_by_name(@domain_name)
@display.start
@@ -420,11 +421,6 @@ EOF
@display.stop
end
- def destroy
- clean_up
- power_off
- end
-
def take_screenshot(description)
@display.take_screenshot(description)
end
diff --git a/features/support/hooks.rb b/features/support/hooks.rb
index b1cafda..8069ef9 100644
--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@@ -70,7 +70,7 @@ end
AfterFeature('@product') do
delete_snapshot($background_snapshot) if !KEEP_SNAPSHOTS
$vmstorage.clear_pool
- $vmnet.destroy
+ $vmnet.destroy_and_undefine
$virt.close
end
@@ -123,7 +123,7 @@ After('@product') do |scenario|
@sniffer.stop
@sniffer.clear
end
- @vm.destroy if @vm
+ @vm.destroy_and_undefine if @vm
end
After('@product', '~@keep_volumes') do
diff --git a/features/tor_enforcement.feature b/features/tor_enforcement.feature
new file mode 100644
index 0000000..bdfd285
--- /dev/null
+++ b/features/tor_enforcement.feature
@@ -0,0 +1,72 @@
+@product
+Feature: The Tor enforcement is effective
+ As a Tails user
+ I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked
+ And as a Tails developer
+ I want to ensure that the automated test suite detects firewall leaks reliably
+
+ Background:
+ Given a computer
+ When I start Tails from DVD and I login
+ And I save the state so the background can be restored next scenario
+
+ Scenario: The firewall configuration is very restrictive
+ Then the firewall's policy is to drop all IPv4 traffic
+ And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4
+ And the firewall's NAT rules only redirect traffic for Tor's TransPort and DNSPort
+ And the firewall is configured to block all IPv6 traffic
+
+ Scenario: Anti test: Detecting IPv4 TCP leaks from the Unsafe Browser with the firewall leak detector
+ Given I capture all network traffic
+ When I successfully start the Unsafe Browser
+ And I open the address "https://check.torproject.org" in the Unsafe Browser
+ And I see "UnsafeBrowserTorCheckFail.png" after at most 60 seconds
+ Then the firewall leak detector has detected IPv4 TCP leaks
+
+ Scenario: Anti test: Detecting IPv4 TCP leaks of TCP DNS lookups with the firewall leak detector
+ Given I capture all network traffic
+ And I disable Tails' firewall
+ When I do a TCP DNS lookup of "torproject.org"
+ Then the firewall leak detector has detected IPv4 TCP leaks
+
+ Scenario: Anti test: Detecting IPv4 non-TCP leaks (UDP) of UDP DNS lookups with the firewall leak detector
+ Given I capture all network traffic
+ And I disable Tails' firewall
+ When I do a UDP DNS lookup of "torproject.org"
+ Then the firewall leak detector has detected IPv4 non-TCP leaks
+
+ Scenario: Anti test: Detecting IPv4 non-TCP (ICMP) leaks of ping with the firewall leak detector
+ Given I capture all network traffic
+ And I disable Tails' firewall
+ When I send some ICMP pings
+ Then the firewall leak detector has detected IPv4 non-TCP leaks
+
+ @check_tor_leaks
+ Scenario: The Tor enforcement is effective at blocking untorified TCP connection attempts
+ When I open an untorified TCP connections to 1.2.3.4 on port 42 that is expected to fail
+ Then the untorified connection fails
+ And the untorified connection is logged as dropped by the firewall
+
+ @check_tor_leaks
+ Scenario: The Tor enforcement is effective at blocking untorified UDP connection attempts
+ When I open an untorified UDP connections to 1.2.3.4 on port 42 that is expected to fail
+ Then the untorified connection fails
+ And the untorified connection is logged as dropped by the firewall
+
+ @check_tor_leaks
+ Scenario: The Tor enforcement is effective at blocking untorified ICMP connection attempts
+ When I open an untorified ICMP connections to 1.2.3.4 that is expected to fail
+ Then the untorified connection fails
+ And the untorified connection is logged as dropped by the firewall
+
+ Scenario: The system DNS is always set up to use Tor's DNSPort
+ Given a computer
+ And the network is unplugged
+ And I start the computer
+ And the computer boots Tails
+ And I log in to a new session
+ And GNOME has started
+ And the system DNS is using the local DNS resolver
+ And the network is plugged
+ And Tor is ready
+ Then the system DNS is still using the local DNS resolver
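Review bot: the three enforcement scenarios send their untorified probes to 1.2.3.4, a routable address; prefer an RFC 5737 documentation address such as 192.0.2.1 so that if the firewall ever regresses, the test does not emit traffic to a third party (the leak detector works from the capture, so reachability is irrelevant). Tagging those scenarios @check_tor_leaks is a good self-check, since any probe that escaped the firewall would also show up in the pcap. The step phrasing "I open an untorified TCP connections" should be "connection" in both the feature and the step regex.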
diff --git a/features/tor.feature b/features/tor_stream_isolation.feature
index 3abde9a..345888a 100644
--- a/features/tor.feature
+++ b/features/tor_stream_isolation.feature
@@ -1,92 +1,60 @@
-@product
-Feature: Tor is configured properly
+@product @check_tor_leaks
+Feature: Tor stream isolation is effective
As a Tails user
- I want all direct Internet connections I do by mistake to be blocked
- And I want my Torified sessions to be sensibly isolated from each other to prevent identity correlation
+ I want my Torified sessions to be sensibly isolated from each other to prevent identity correlation
Background:
Given a computer
When I start Tails from DVD and I login
And I save the state so the background can be restored next scenario
- Scenario: The firewall configuration is very restrictive
- Then the firewall's policy is to drop all IPv4 traffic
- And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4
- And the firewall's NAT rules only redirect traffic for Tor's TransPort and DNSPort
- And the firewall is configured to block all IPv6 traffic
-
- @check_tor_leaks
- Scenario: The Tor enforcement is effective at blocking untorified connection attempts
- Then untorified network connections to monip.org fail
- And untorified network connections to 1.2.3.4 fail
-
- @check_tor_leaks
Scenario: tails-security-check is using the Tails-specific SocksPort
When I monitor the network connections of tails-security-check
And I re-run tails-security-check
Then I see that tails-security-check is properly stream isolated
- @check_tor_leaks
Scenario: htpdate is using the Tails-specific SocksPort
When I monitor the network connections of htpdate
And I re-run htpdate
Then I see that htpdate is properly stream isolated
- @check_tor_leaks
Scenario: tails-upgrade-frontend-wrapper is using the Tails-specific SocksPort
When I monitor the network connections of tails-upgrade-frontend-wrapper
And I re-run tails-upgrade-frontend-wrapper
Then I see that tails-upgrade-frontend-wrapper is properly stream isolated
- @check_tor_leaks
Scenario: The Tor Browser is using the web browser-specific SocksPort
When I monitor the network connections of Tor Browser
And I start the Tor Browser
And the Tor Browser has started and loaded the startup page
Then I see that Tor Browser is properly stream isolated
- @check_tor_leaks
Scenario: Gobby is using the default SocksPort
When I monitor the network connections of Gobby
And I start "Gobby" via the GNOME "Internet" applications menu
And I connect Gobby to "gobby.debian.org"
Then I see that Gobby is properly stream isolated
- @check_tor_leaks
Scenario: SSH is using the default SocksPort
When I monitor the network connections of SSH
And I run "ssh lizard.tails.boum.org" in GNOME Terminal
And I see "SSHAuthVerification.png" after at most 60 seconds
Then I see that SSH is properly stream isolated
- @check_tor_leaks
Scenario: whois lookups use the default SocksPort
When I monitor the network connections of whois
- And I do a whois-lookup of domain boum.org
+ And I query the whois directory service for "boum.org"
+ And the whois command is successful
Then I see that whois is properly stream isolated
- @check_tor_leaks
Scenario: Explicitly torify-wrapped applications are using the default SocksPort
When I monitor the network connections of Gobby
And I run "torify /usr/bin/gobby-0.5" in GNOME Terminal
And I connect Gobby to "gobby.debian.org"
Then I see that Gobby is properly stream isolated
- @check_tor_leaks
Scenario: Explicitly torsocks-wrapped applications are using the default SocksPort
When I monitor the network connections of Gobby
And I run "torsocks /usr/bin/gobby-0.5" in GNOME Terminal
And I connect Gobby to "gobby.debian.org"
Then I see that Gobby is properly stream isolated
-
- Scenario: The system DNS is always set up to use Tor's DNSPort
- Given a computer
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
- And the system DNS is using the local DNS resolver
- And the network is plugged
- And Tor is ready
- Then the system DNS is still using the local DNS resolver
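Review bot: moving @check_tor_leaks to the feature level is cleaner than tagging each scenario, and the added "the whois command is successful" step closes a gap: a whois that failed before connecting would otherwise have produced no connection for the stream isolation check to inspect. Note that the removed enforcement scenario also probed a hostname (monip.org), and the replacement scenarios in tor_enforcement.feature only use an IP literal, so the path where an untorified client resolves a name first is no longer exercised directly.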
diff --git a/features/torified_browsing.feature b/features/torified_browsing.feature
index 3133555..fd6fe25 100644
--- a/features/torified_browsing.feature
+++ b/features/torified_browsing.feature
@@ -24,6 +24,7 @@ Feature: Browsing the web using the Tor Browser
Then I can save the current page as "index.html" to the default downloads directory
And I can print the current page as "output.pdf" to the default downloads directory
+ @check_tor_leaks
Scenario: Importing an OpenPGP key from a website
When I start the Tor Browser
And the Tor Browser has started and loaded the startup page
@@ -32,6 +33,7 @@ Feature: Browsing the web using the Tor Browser
When I accept to import the key with Seahorse
Then I see "KeyImportedNotification.png" after at most 10 seconds
+ @check_tor_leaks
Scenario: Playing HTML5 audio
When I start the Tor Browser
And the Tor Browser has started and loaded the startup page
@@ -39,8 +41,8 @@ Feature: Browsing the web using the Tor Browser
And I open the address "http://www.terrillthompson.com/tests/html5-audio.html" in the Tor Browser
And I click the HTML5 play button
And 1 application is playing audio after 10 seconds
- And all Internet traffic has only flowed through Tor
+ @check_tor_leaks
Scenario: Watching a WebM video
When I start the Tor Browser
And the Tor Browser has started and loaded the startup page
@@ -49,7 +51,6 @@ Feature: Browsing the web using the Tor Browser
And I see "TorBrowserNoScriptTemporarilyAllowDialog.png" after at most 10 seconds
And I accept to temporarily allow playing this video
Then I see "TorBrowserSampleRemoteWebMVideoFrame.png" after at most 180 seconds
- And all Internet traffic has only flowed through Tor
Scenario: I can view a file stored in "~/Tor Browser" but not in ~/.gnupg
Given I copy "/usr/share/synaptic/html/index.html" to "/home/amnesia/Tor Browser/synaptic.html" as user "amnesia"
diff --git a/features/torified_git.feature b/features/torified_git.feature
index b32db42..4aa5132 100644
--- a/features/torified_git.feature
+++ b/features/torified_git.feature
@@ -1,4 +1,4 @@
-@product
+@product @check_tor_leaks
Feature: Cloning a Git repository
As a Tails user
when I clone a Git repository
@@ -6,7 +6,6 @@ Feature: Cloning a Git repository
Background:
Given a computer
- And I capture all network traffic
And I start the computer
And the computer boots Tails
And I log in to a new session
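Review bot: the Background used to start the capture before "I start the computer", so boot-time and Tor bootstrap traffic was included in the leak check; with the step removed and the feature-level @check_tor_leaks tag, that coverage now depends on the hook starting the sniffer before the VM is started. Confirm the Before hook does so, otherwise the leak check starts later than it did before this change. The same applies to the identical hunk in torified_misc.feature.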
@@ -21,14 +20,12 @@ Feature: Cloning a Git repository
Then process "git" is running within 10 seconds
And process "git" has stopped running after at most 180 seconds
And the Git repository "testing" has been cloned successfully
- And all Internet traffic has only flowed through Tor
Scenario: Cloning a Git repository anonymously over the Git protocol
When I run "git clone git://git.tails.boum.org/myprivatekeyispublic/testing" in GNOME Terminal
Then process "git" is running within 10 seconds
And process "git" has stopped running after at most 180 seconds
And the Git repository "testing" has been cloned successfully
- And all Internet traffic has only flowed through Tor
Scenario: Cloning git repository over SSH
Given I have the SSH key pair for a Git repository
@@ -37,4 +34,3 @@ Feature: Cloning a Git repository
When I verify the SSH fingerprint for the Git repository
And process "git" has stopped running after at most 180 seconds
Then the Git repository "testing" has been cloned successfully
- And all Internet traffic has only flowed through Tor
diff --git a/features/torified_misc.feature b/features/torified_misc.feature
index fa2e50f..7ce111a 100644
--- a/features/torified_misc.feature
+++ b/features/torified_misc.feature
@@ -1,9 +1,8 @@
-@product
+@product @check_tor_leaks
Feature: Various checks for torified software
Background:
Given a computer
- And I capture all network traffic
And I start the computer
And the computer boots Tails
And I log in to a new session
@@ -17,21 +16,17 @@ Feature: Various checks for torified software
When I wget "http://example.com/" to stdout
Then the wget command is successful
And the wget standard output contains "Example Domain"
- And all Internet traffic has only flowed through Tor
Scenario: wget(1) should work for HTTPS and go through Tor.
When I wget "https://example.com/" to stdout
Then the wget command is successful
And the wget standard output contains "Example Domain"
- And all Internet traffic has only flowed through Tor
Scenario: wget(1) with tricky options should work for HTTP and go through Tor.
When I wget "http://195.154.14.189/tails/stable/" to stdout with the '--spider --header="Host: dl.amnesia.boum.org"' options
Then the wget command is successful
- And all Internet traffic has only flowed through Tor
Scenario: whois(1) should work and go through Tor.
When I query the whois directory service for "torproject.org"
Then the whois command is successful
Then the whois standard output contains "The Tor Project"
- And all Internet traffic has only flowed through Tor